linux/sound/core
Kosuke Tatsukawa 694470273d ALSA: seq_oss: fix waitqueue_active without memory barrier in snd-seq-oss
snd_seq_oss_readq_put_event() seems to be missing a memory barrier which
might cause the waker to not notice the waiter and miss sending a
wake_up as in the following figure.

    snd_seq_oss_readq_put_event		    snd_seq_oss_readq_wait
------------------------------------------------------------------------
					/* wait_event_interruptible_timeout */
					 /* __wait_event_interruptible_timeout */
					  /* ___wait_event */
					  for (;;) {									 prepare_to_wait_event(&wq, &__wait,
					    state);
spin_lock_irqsave(&q->lock, flags);
if (waitqueue_active(&q->midi_sleep))
/* The CPU might reorder the test for
   the waitqueue up here, before
   prior writes complete */
					  if ((q->qlen>0 || q->head==q->tail)
					  ...
					  __ret = schedule_timeout(__ret)
if (q->qlen >= q->maxlen - 1) {
memcpy(&q->q[q->tail], ev, sizeof(*ev));
q->tail = (q->tail + 1) % q->maxlen;
q->qlen++;
------------------------------------------------------------------------

There are two other place in sound/core/seq/oss/ which have similar
code.  The attached patch removes the call to waitqueue_active() leaving
just wake_up() behind.  This fixes the problem because the call to
spin_lock_irqsave() in wake_up() will be an ACQUIRE operation.

I found this issue when I was looking through the linux source code
for places calling waitqueue_active() before wake_up*(), but without
preceding memory barriers, after sending a patch to fix a similar
issue in drivers/tty/n_tty.c  (Details about the original issue can be
found here: https://lkml.org/lkml/2015/9/28/849).

Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-10-09 09:45:52 +02:00
..
oss ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
seq ALSA: seq_oss: fix waitqueue_active without memory barrier in snd-seq-oss 2015-10-09 09:45:52 +02:00
compress_offload.c ALSA: Simplify snd_device_register() variants 2015-02-02 17:01:26 +01:00
control_compat.c
control.c ALSA: ctl: fix to handle several elements added by one operation for userspace element 2015-04-13 10:31:49 +02:00
ctljack.c ALSA: jack: Fix endless loop at unique index detection 2015-06-26 06:59:57 +02:00
device.c Merge branch 'topic/hda-unbind' into for-next 2015-03-16 14:48:20 +01:00
hrtimer.c sound: Use hrtimer_resolution instead of hrtimer_get_res() 2015-04-22 17:06:48 +02:00
hwdep_compat.c
hwdep.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
info_oss.c ALSA: core: Clean up OSS proc file management 2015-04-24 17:31:08 +02:00
info.c ALSA: info: Drop kerneldoc comment from snd_info_create_entry() 2015-05-18 09:45:11 +02:00
init.c ALSA: Fix uninintialized error return 2015-06-29 19:08:31 +02:00
isadma.c
jack.c ALSA: jack: Remove MODULE_*() macros 2015-05-21 11:32:51 +02:00
Kconfig ALSA: Kconfig: add config item SND_PROC_FS for expert 2015-05-27 21:25:17 +02:00
Makefile ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
memalloc.c genalloc: rename of_get_named_gen_pool() to of_gen_pool_get() 2015-06-30 19:45:01 -07:00
memory.c ALSA: Include linux/uaccess.h and linux/bitopts.h instead of asm/* 2015-01-28 17:25:07 +01:00
misc.c ALSA: Allow pass NULL dev for snd_pci_quirk_lookup() 2014-10-08 12:08:38 +02:00
pcm_compat.c ALSA: core: pass audio tstamp config from userspace in compat mode 2015-02-20 17:30:05 +01:00
pcm_dmaengine.c ALSA: Fix spelling typo in Documentation/DocBook/alsa-driver-api.xml 2015-03-04 12:12:59 +01:00
pcm_drm_eld.c ALSA: pcm: add DRM ELD helper 2015-05-22 16:01:44 +02:00
pcm_iec958.c ALSA: pcm: add IEC958 channel status helper 2015-05-22 16:01:47 +02:00
pcm_lib.c ALSA: pcm: Modify double acknowledged interrupts check condition 2015-05-19 09:32:29 +02:00
pcm_memory.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
pcm_misc.c ALSA: pcm: Add big-endian DSD sample formats and fix XMOS DSD sample format 2014-11-21 15:13:28 +01:00
pcm_native.c ALSA: pcm: Avoid double hw_free calls at releasing a stream 2015-09-29 12:57:42 +02:00
pcm_timer.c
pcm_trace.h ALSA: pcm: Replace PCM hwptr tracking with tracepoints 2014-11-04 14:09:14 +01:00
pcm.c ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed 2015-09-13 12:03:15 +02:00
rawmidi_compat.c
rawmidi.c ALSA: core: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:42:14 +01:00
rtctimer.c ALSA: timer: Use standard printk helpers 2014-02-14 08:14:17 +01:00
sgbuf.c ALSA: core: Deletion of unnecessary checks before two function calls 2014-11-21 20:06:57 +01:00
sound_oss.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
sound.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
timer_compat.c
timer.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
vmaster.c